Kiwis believe telcos, government and banks more likely to suffer a data breach

New Zealanders believe telecommunications companies, government agencies and banks are more likely to suffer an accidental or malicious breach of their personal data in the next 12 months than other types of organisations, according to a survey by Unisys.

The majority of respondents, however, say a data breach is not likely at an airline, healthcare provider or utility company such as a power or water supplier.

These are among the key findings of the latest Unisys Security Insight, a global study on the attitudes of consumers on a range of security issues. In New Zealand, the study was conducted by Newspoll and covered 503 adults in April 2015.

The survey asked consumers in 12 countries about the likelihood that their personal data held by seven types of organisations (airlines, banking/finance, government, healthcare, retail, telecom, and utilities) would be accessed by an unauthorised person, accidentally or deliberately, in the next year.

Across the region, telcos are the least trusted by Australians (58 per cent), New Zealanders (53 per cent), and Malaysians (52 per cent) to protect personal data.

The survey finds a high expectation of a data breach by government in the next 12 months in all three countries: Australia (49 per cent), New Zealand (51 per cent) and Malaysia (46 per cent)

Kiwis, meanwhile, trust banks the least with 50 per cent expecting a breach, compared to 35 per cent in Malaysia and 46 per cent in Australia.

There is, however, a high trust in airlines to protect personal data in all three countries.

‘Trust must be earned’

“This survey reveals which organisations Kiwis don’t trust to protect their personal information,” says Steve Griffin, country manager, Unisys New Zealand. “Consumer trust must be earned. To build public confidence, an organisation needs to not only take preventative measures, but also communicate to their target customers that they have taken those measures. Such an investment can offer a competitive advantage between brands within a category.”

“Many Kiwis have experienced a data breach or have seen media reports of breaches by telcos, government and banks, so they expect data breaches in those organisations. However, telcos and government would do well to learn from the way banks quickly communicate breaches to their customers to minimise the impact and rebuild confidence,” adds Griffin.

While airlines are the most trusted type of organisation by Kiwis, they will need to work to maintain this trust as they continue to capture more and more information about their passengers, says Griffin.

Griffin points out majority of Kiwis (80 per cent) in the 2011 survey said they would stop dealing with an organisation if their data was breached.

“This highlights that public confidence in an organisation’s ability to protect data needs to be a business priority, not a mere IT issue.”

Security amidst hyperconnectivity

The survey suggests that consumers are concerned about their personal data collected, used and held by organisations, says Unisys.

“With an ever increasing hyper-connectivity of consumers across various digital platforms, the traditional mechanisms to protect sensitive personal data against advanced attacks are proving to be insufficient."

Steve Griffin at the 2015 CIO100 event in Auckland.

This highlights that public confidence in an organisation’s ability to protect data needs to be a business priority, not a mere IT issue.

Steve Griffin, Unisys

It lists some ways to protect against advanced attacks and accidental data disclosures:

Converged physical and logical security approach: Enterprises should seek ways to solve critical challenges at the point of convergence. Such measures help integrate sensors, consolidate
data, provide central or dispersed command and control, use the identity information, and support real-time as well as offline analytics.

Isolation and compartmentalisation for data protection: Protecting sensitive information from
unauthorised access is the core objective for any security strategy.

This typically involves two key activities of identifying the scope of data protection task, and isolating the people, processes and technologies that interact with the sensitive data. Data isolation is achieved by using access controls and encryption to ensure only authorised systems and users can access sensitive information.

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.